Phishing attacks are wreaking havoc across businesses - Using modern phishing techniques, malicious actor(s) can even bypass most MFA methods!

Retrieval-based-Voice-Conversion (RVC) using Machine Learning AI is becomingly increasingly accurate. This will

QR codes are designed for usability, not security. Using QRLJacking, a victim can unknowingly grant access to their account by scanning a QR code.

MFA is secure… Unless it’s bypassed.

Another day, another CVE. It is possible to recover the master password in cleartext for KeePass. Write up, examples and a POC to demonstrate CVE-2023-32784

Combining two advanced phishing techniques

Browser In The Browser (BITB) phishing attacks are less common but very effective when used. They’re hard to identify and easy to setup!

Office 365 is widely used however, is rarely configured to best practices which can allow a multitude of attacks/exploitation.

Use this security hardening guide.

The new RCE Microsoft Office exploit in action!

My first time using BurpSuite Intercept and I found a vulnerability which allows me to change the price of items and checkout.

How to deploy AutoElevate via Intune using Endpoint manager

How to force mobile devices to use the Outlook App instead of their native apps.

How to create a DSR Case within Office 365

Some useful scripts to change calendar permissions via Powershell with efficiency and very little effort.

A guide for users/admins to connect to their Office 365 environment with Powershell.

How to check Shared mailbox’s Access Rights via .csv with Powershell. Useful for checking permissions without having to go through the office.com admin/exchange interface.

How to search the mailbox rules on your tenant per user, via Powershell. Great for finding what rules have been setup via the Client/Webapp.